29th March 2018: Leading CPaaS provider, CLX Communications AB (NASDAQ XSTO:CLX), today announced the creation of a European Economic Area (EEA) messaging infrastructure, to help enterprises meet GDPR compliance requirements.

GDPR stipulates that personal data can be stored in any country provided that country has adequate levels of data protection. It also stipulates that personal data can flow freely within All EEA countries (EU + Norway, Liechtenstein & Iceland).

In all other countries personal data can only be transferred under the condition that the entities receiving the personal data have entered into a EU Standard Contract Clause, or the entity has Binding Corporate Rules.

The new CLX API guarantees message data will remain in the EEA by leveraging its vast Tier 1 Super Network. This will allow the creation of a GDPR specific routing class that ensures messages sent to Data Subjects (consumers) in the EU, will only use mobile network operators located within the EU, without needing to hand-off any data to third parties.

Whereas other CPaaS providers operate an architecture that may allow personal data to flow through countries outside the EEA, for many enterprises, particularly in the Government, Banking and Financial Services sectors, keeping data within the EEA bloc is the only way of guaranteeing messages fall within the GDPR requirements.

CLX has spent the last 12 months preparing for the GDPR deadline of May 25th. The company’s comprehensive set of measures and checks include:

GDPR trained support teams located within the EU to ensure data does not leave the EEA inadvertently through the support process.

Restricting the time that log files are stored to the absolute minimum after which all data is anonymized.

Signing Data Protection Agreements with all CLX customers, and suppliers.

Ensuring that Data Subjects can request that their data can be reviewed, deleted and modified if required.

Robert Gerstmann, Chief Product Officer at CLX commented, ‘The complexities of GDPR mean that enterprises can’t afford to be found lacking when it comes to compliance. Consumers too are increasingly aware of their rights as data-citizens under the protection of the new regulatory framework.